[SOLVED] Router reporting DoS attacks

filbert1

Oct 8, 2018
I have a Netgear Genie C7000v2 router. It is updated to firmware 1.03.01.

This has been occurring for a month now, and happens almost every day, but some days it will not occur at all. My network will run normally, about 20-30 ms pings to google.com, but every 5-10 seconds I get a packet loss and pings up to 2000ms which last only 1-2 seconds. This has made gaming impossible.

I had a Comcast router/modem and had them replace it with a new one (my model was 10 years old). The issue kept occurring on the new router, so I returned that one to Comcast and bought my own router/modem. And the issue still occurs. I have reached out to Comcast support many times but have gotten little help.

I am on WiFi but the router is literally 10 feet away in the same room as the computer. Also, this issue occurs on multiple devices. It isn't limited to just my PC; it happens on my work laptop as well (also other devices; it is obvious when you're browsing the internet on your phone and it stops loading randomly for a few seconds).

If I run Wireshark I see nothing of concern. I'm not an expert with Wireshark, but all packets are pretty straightforward and nothing is flooding from outside the network. But even if I ping my work PC to my work laptop I get the high pings (not as high, but they jump to 500-1000ms) on the internal LAN.

The router I have has "Logs" under advanced settings. The logs under Description say either "[DoS attack: Ping Of Death] from 64.0.76.176, port 0" or "[DoS attack: Teardrop or derivative] from 64.0.76.176, port 0".

The targets are never an IP on my network (which is all 192.168.x.x IPs), nor is it my public-facing IP. Under source it either lists IP 64.0.76.176:0 or 75.75.76.76:53 (which I believe is a Comcast DNS server). Unfortunately the logs don't give much more detail, only a Description, count, last occurrence, target, and source.

I can't figure out how to fix this issue. I've reported to Comcast that I may be getting DoS attacked, but they haven't been able to confirm that or do anything about it. My belief is I'm being DoSed because packets are not hitting my PC or any device I can see inside my network via Wireshark. All traffic I see in Wireshark appears to be normal. Which leads me to believe my public-facing IP on the router/modem is being flooded, but I'm not sure how to confirm that. I also reported one of the source IPs to Verizon, since it is in their ISP, as a possible malicious IP (that was over two weeks ago).

Also, I don't think it is interference, at least from what I can gather. There are only two other WiFi networks in range of my house and I have switched my WiFi channels to ones that have zero traffic (using an app on my phone to scan).

I appreciate any help or recommendations.
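One way to turn the router's log page into something ISP support can act on, as an added example that is not part of the original post: it tallies the DoS entries by source, port and attack type, using the description format quoted above. The sample lines are constructed, and the function names `summarize` and `report` are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the description format quoted in the post, plus two
# constructed non-matching lines to show how unrecognised input is handled.
SAMPLE_LOG = """\
[DoS attack: Ping Of Death] from 64.0.76.176, port 0
[DoS attack: Teardrop or derivative] from 64.0.76.176, port 0
[DoS attack: Ping Of Death] from 64.0.76.176, port 0
[DoS attack: Teardrop or derivative] from 75.75.76.76, port 53
[admin login] from 192.168.1.10
this line is not a log entry
"""

ENTRY = re.compile(
    r"\[DoS attack: (?P<kind>[^\]]+)\] from (?P<src>[0-9a-fA-F.:]+), port (?P<port>\d+)"
)

def summarize(log_text):
    """Count DoS entries per (source, port, kind); return (Counter, skipped lines)."""
    counts, skipped = Counter(), []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            if line.strip():
                skipped.append(line)  # keep for manual review, do not drop silently
            continue
        try:
            src = ipaddress.ip_address(m["src"])  # reject malformed addresses
        except ValueError:
            skipped.append(line)
            continue
        counts[(str(src), int(m["port"]), m["kind"].strip())] += 1
    return counts, skipped

def report(counts):
    """Render one row per source/type, most frequent first, for a support ticket."""
    rows = []
    for (src, port, kind), n in counts.most_common():
        scope = "private/LAN" if ipaddress.ip_address(src).is_private else "public"
        rows.append(f"{n:>4}  {src}:{port}  {scope:<11}  {kind}")
    return rows

if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE_LOG)
    print("\n".join(report(counts)))
    print(f"{len(skipped)} line(s) not recognised as DoS entries")
```
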
 
Attaching some screen shots.

I just let it ping for a few seconds; it only hit up to 515ms, but it will often hit over 2000ms and drop a packet or two as well.

I've tried many troubleshooting steps, but again, since it occurs on my work laptop, I believe it is an issue with being DoS'ed or with Comcast. If there is any action I can take or a way to try and get ISP support the needed information, I would appreciate any advice.
 
Welcome to the internet!! DoS attacks are common and your router is doing its job of not passing this to your LAN.

They shouldn't be near constant for a month. And I've talked to Comcast support 5 times. Is there any recommendation on what I can do to help them resolve this?

Because I'm currently unable to play any games online, they are literally unplayable. I also work from home and I can't join any meeting hosted online. I must use call-in numbers, otherwise I just cut in and out every 10-20 seconds.
 
Also, the issue occurs as well if I'm hardwired in. I hadn't tested hardwire since a few weeks ago when it first started. I tested it today and still will get pings in the thousands of milliseconds.
 
You likely have a script kiddie messing with you. That machine on the 64.x.x.x IP is a Verizon IP. Either someone is really stupid and doing it from their house, or the machine is compromised and someone is remote controlling it.

Most true denial of service attacks come from botnets with hundreds of different IPs. This is how they shut down large companies like Blizzard.

You can't really fix it. You could try calling Verizon but I doubt you get very far.

So try to leave your modem turned off overnight; the longer the better. Your hope is that you can get the IP address to time out and you get a different one. The other option is to see if your ISP will just change it for you.

After you get a new IP, be extremely careful who you tell, and be extremely careful of any game that is not centrally hosted. Best option is to use a VPN so nobody can get your actual IP.
 